Opinion: Users May Account for 50% of the PSN Problem [UPDATED]

Yes. You, the user. I assert that you are a major contributing factor to the problem at hand. I'm fair though and claim some of that responsibility, or I would if I had my personal info on PlayStation Network (PSN) but I don't.

The recent Sony "debacle," or what some 'journalists' have penned as the Great SonyDebacle, has spun to mega-deluxe proportions by just about everyone that can spell their own name correctly and usess the Internet - as though 10 years from now a middle school student will be asked by their teacher to flip to page 212 of a U.S. History book and begin reading a chapter about this event right next to the mildly 'educational' blurb on "too big to fail."

Earlier in the week, The Escapist ran two articles. One alleging "a poll" (of about 2500 people) indicated 1/5 (or a less sensational 20%) of PSN users were looking to switch to XBOX. The other article contained an opinion from GeoHots, the hacker that cracked the PS3 and distributed the code for everyone on the internet, about Sony, PSN, and this "fiasco." (buzz words sure are fun)

What
I gather from the referenced poll is that 1/5 of PS3 owners also think like total morons. I may be in that 20% moron, but not for jumping ship over superficial gaming after-thoughts. Heading over to the XBOX is the prerogative of the user undoubtedly, but
to assume data is safer with any other network isn't very wise
considering users will place the same trust and data on a different network that has been attacked previously (remember 2008?). With no word from Microsoft as to any additional measures taken to ensure they do not fall victim to a similar attack, it may be time to consider how seriously they take themselves and if at any point they are thought as "taking themselves too serious" then should we fear that it may be seen as "arrogant"? Obviously a group of hackers set the metric for the social norm, right?

Now,
many XBOX fan-persons are claiming that XBOX Live (XBL) is superior; that no one will
hack it. Whether XBL is superior is a matter of opinion and I'm not getting into that (aside from an irrelevant issue, I don't particularly care what someone else likes). However, "Major Nelson" and Stephen Toulouse would strongly
disagree that XBL isn't hackable or hasn't been hacked as both have had their XBL accounts hacked maliciously. Additionally, neither case
on XBL resulted in Microsoft attempting network investigation to discover the perpetrators and prepare to take legal action against them. Microsoft just bans the XBOX and the user pretty much walks away without an online account. On XBL hacking of accounts continues to run pretty high. Sony has however, brought in outside help - which countermands the concept of "gloating" or "prideful." At least it can be said they've recognized that the problem is larger than they can handle alone. This is something that should make people feel less angry because it indicates affirmative action rather than just sweeping the problem under a rug; it's addressed as a serious issue.

So, with that - it's just ridiculous that this event has spurred so much ire from the level and direction it has.

50%
of it is the end result of unsafe digital practice from the consumer
end - putting personal data and CC info saved to a server owned by a
corporation always carries risk, and every site that allows the option
has a disclaimer explaining it; it's not their fault someone is too
stupid or lazy to read it.With that, risk is more or less a gamble, right? As a general rule - never gamble more than you can afford to lose, ever. I can't afford to lose, so I invest in PSN cards. Unsurprisingly people aren't really exploring the idea of blaming themselves too much. I mean, that would be like expecting a sexually assaulted hooker to consider part of the problem is soliciting strangers for sex, alone in a dark back-alley. Crazy talk, I know.

10% of it is because someone, or a
group of people, felt uppity about a policy they disagreed with; by taking it upon
themselves to administer their idea of vengeance or justice on behalf
of people who never otherwise asked, they've created this ***-storm of nonsense that will ultimately cost the very people they
allegedly intended to "liberate". Piss poor planning mixed with
self-righteousness indignation never plays out well and like America in a proxy war, just because "we" like democracy doesn't mean "we" have the right to "enlighten" other people to it at will. Ironic really, forcing "choice" sort of countermands the concept doesn't it?

Hack the world, *** yeah!

25% may be due to
something similar to Pearl Harbor (and I mean nothing ethnic by this) - Sony may have known it was coming and
didn't do much to brace for the impact. As a result the attack took the
system to a grinding halt. I understand why Sony didn't come outright
and immediately state that information could be compromised - because if
it turned out to be false people would already be hysterical and Sony
would look stupid. If true, then the demand for more information
would be so great that anything said at that time wouldn't be 100%
substantiated. It is bad practice to release potentially false information,
and saying "maybe and maybe not" as an immediate answer is worse than not saying anything at all because it allows for further media speculation based on rampant second-hand sources (at least that what I hear on the streets).

15% is caused by the game and industry media
that will fuel and sensationalize the reports for readership, link
clicks, and ad revenue. The primary objective of any media business is to sell ads and ad space by generating views. This is especially true in a "community" based site. Truth and valid information
backed by sound investigation into what actually happens get tossed to the wayside when in view of monetary
gain, corporate interests, and industry desire - and the people are all the dumber for it.Notice how many "news" sources actually link directly to the PlayStation blog and cite the source directly (hint: very few). And if you like what I'm saying, be sure to subscribe to my blog....(brought to you by Carls' Jr.)

Now until more information is
revealed on the technicals, I can only speculate, but I bet Sony's
arrogance and misunderstanding of ownership put them in this position.
Sony execs probably haughtily chuckled at the idea of threat modeling.
Traditionally the trust boundary for a web service exists between the
server and the client. But Sony believes they own the client too, so if
they just put a trust boundary between the consumer and the client(can't
trust those pesky consumers), everything is good. Since everyone knows
the PS3 is unhackable, why waste money adding pointless security between
the client and the server?

This arrogance undermines a basic security principle, never trust the client. It's the same reason MW2
was covered in cheaters, EA [sic - he means Activision] even admitted
to the mistake of trusting Sony's client. Sony needs to accept that
they no longer own and control the PS3 when they sell it to you. Notice
it's only PSN that gave away all your personal data, not Xbox Live when
the 360 was hacked, not iTunes when the iPhone was jailbroken, and not
GMail when Android was rooted. Because other companies aren't crazy.

Though he has a point, trusting the client is a bad idea - it's the
exact thing he was previously angry about and a primary contributing factor to
his previous actions. He felt that Sony, in their alleged arrogance, needed to
be taken down a few pegs and by hacking the device attempted to prove
that he could control what he paid for (then handed the keys out to the
public while simultaneously telling Sony in order to gather up the keys, they needed to hire him). So, technically, Sony didn't trust the client, only themselves a
bit too much (if we adopt the logic of GeoHotz). Many people are claiming "arrogance" and I really don't see it, at least anymore than any of the other console manufacturers or software developers. Sony has the "It only does everything" ads and Microsoft loves to update the media on how many units it sells by lumping in RRoD replacement units.

That
aside, it is true that XBL and iTunes or Android never gave away user
data - but neither did PSN. In all cases it was or "could be" ripped
out just like any encrypted information has the possibility of decryption. Combine a determined self-righteous hacker and a wealth of user stupidity and it creates a skeleton key.

Then again, people will undoubtedly jump over to another console, but only because they're *** retarded. As GeoHots explains "other companies aren't crazy," but social groups and individual idiots are.

I wonder, how many people potentially effected by this "fiasco" have stopped for a moment to consider that other services and sites holding their credit card info may fall victim to a similar attack sooner or later; identity theft happens daily and the more places you place an identity the greater the chances it can be stolen. I'd wager not many people have considered this, as they are too focused on pointing out the alleged arrogance of Sony, whining about an inability to play with their brother in the next room, and making grand announcement that they're about to "jump over to XBOX" to notice their own stupidity. There's no real point in announcing it - but look on the bright side - you've got your rage quit achievement.

Anyone care to back the GIO and Ars Technicha assertions that gaming is cheaper than ever now?

Yeah, I didn't really think so...

#winning

[UPDATE]

Apparently an offer to sell credit card information is floating around the inter-webber-nets. Among the rumored offer to sell, one sale is rumored to have been made to Sony to buy the sensitive credit card and PSN account information back but Sony allegedly declined that offer. Patrick Seybold of Sony claims no such offer was made. Several reports have cropped up from a small handful PSN account holders claiming fraudulent charges to their account. The current estimate of credit cards pillaged is in the range of 2.2 million, roughly 3% of the total PSN account holders. This estimate could change in either direction over time, however.

If there's something true about community organizations (such as gamers), its that a cult of personality develops over time for certain entities, sometimes more quickly than others. With the heated statements directed from some gamers it stands to reason that some of the complaints will be fabrications by people attempting to "stir the pot" and others will be from disenfranchised hackers that fancy themselves more than what they are (every culture has a group that think more highly of themselves than actually warranted). Should users still be worried? Absolutely. It would be borderline mentally deficient if users that placed credit card info on the PSN didn't get nervous. However the same user could also find the label placed on them if they say.... didn't immediately call the card issuer and seek to be issued an new card immediately. Yes, it's inconvenient waiting for a new credit card for 2-4 weeks, but it's also inconvenient having to battle and prove you didn't buy $2000 of baby Jesus figurines off eBay. Besides, cash - it's not broken.

On a lighter note, between 66 and 70 million PSN accounts were hacked, so although 2.2 million credit cards is many personal accounts and very capable of devastating the lives of many people and companies, it is a narrow scope of users comparatively (about 3%). What remains important is that thus far, this string of reports is not confirmed by law enforcement, security investigators, Sony, or even hackers that have previously attempted to implicate themselves (assumedly for glory).

In closing I would like to share the details of the email I received from Sony roughly two days ago (April 27, 2011) for two reasons: To reiterate my point about security and because I'm sure that some users haven't checked their email or have corporate communications sent to spam (which is something I tend to also do at times).

From Sony (emphasis mine):

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.It is alsopossiblethat your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the samedata with respect to your dependent may have been obtained. While there is no evidence at this timethat credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity,out of an abundance of cautionwe are advising you thatyour credit card number (excluding security code) and expiration date may have been obtained.

For your security,we encourage youto be especiallyawareof email, telephone and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

- U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

- We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below: